chore(deps-dev): Bump the minor-and-patch group across 1 directory with 9 updates

[dependabot]

Bumps the minor-and-patch group with 9 updates in the / directory:

Package	From	To
@anthropic-ai/sdk	0.100.1	0.104.1
@biomejs/biome	2.4.16	2.5.0
@google/genai	2.7.0	2.8.0
@types/node	25.9.1	25.9.3
@vitest/coverage-v8	4.1.7	4.1.8
ai	6.0.193	6.0.205
openai	6.39.1	6.42.0
tsx	4.22.3	4.22.4
vitest	4.1.7	4.1.8

Updates @anthropic-ai/sdk from 0.100.1 to 0.104.1

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.104.1

0.104.1 (2026-06-09)

Full Changelog: sdk-v0.104.0...sdk-v0.104.1

Bug Fixes

• api: add frontier_llm refusal category (465e686)

sdk: v0.104.0

0.104.0 (2026-06-09)

Full Changelog: sdk-v0.103.0...sdk-v0.104.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (d01e38b)

sdk: v0.103.0

0.103.0 (2026-06-09)

Full Changelog: sdk-v0.102.0...sdk-v0.103.0

Features

• api: add support for claude-mythos-5 and claude-fable-5, with support for server-side fallbacks on refusal (cc337f7)
• client: adds client-side fallbacks middleware for API providers that do not support server-side fallbacks (cc337f7)
• middleware: add ctx.logger (#55) (edd1454)

Bug Fixes

• client: 3p middleware ordering (#53) (2a4c339)

sdk: v0.102.0

0.102.0 (2026-06-06)

Full Changelog: sdk-v0.101.0...sdk-v0.102.0

Features

• api: small updates to Managed Agents types (8ba4f92)

Bug Fixes

• client: run middleware before request signing (#45) (95f1a4a)

sdk: v0.101.0

0.101.0 (2026-06-05)

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.104.1 (2026-06-09)

Full Changelog: sdk-v0.104.0...sdk-v0.104.1

Bug Fixes

• api: add frontier_llm refusal category (465e686)

0.104.0 (2026-06-09)

Full Changelog: sdk-v0.103.0...sdk-v0.104.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (d01e38b)

0.103.0 (2026-06-09)

Full Changelog: sdk-v0.102.0...sdk-v0.103.0

Features

• api: add support for claude-mythos-5 and claude-fable-5, with support for server-side fallbacks on refusal (cc337f7)
• client: adds client-side fallbacks middleware for API providers that do not support server-side fallbacks (cc337f7)
• middleware: add ctx.logger (#55) (edd1454)

Bug Fixes

• client: 3p middleware ordering (#53) (2a4c339)

0.102.0 (2026-06-06)

Full Changelog: sdk-v0.101.0...sdk-v0.102.0

Features

• api: small updates to Managed Agents types (8ba4f92)

Bug Fixes

• client: run middleware before request signing (#45) (95f1a4a)

0.101.0 (2026-06-05)

Full Changelog: sdk-v0.100.1...sdk-v0.101.0

Features

... (truncated)

Commits

• 9a0442d chore: release main
• 1ccd401 fix(api): add frontier_llm refusal category
• 8be0232 chore: release main
• 813af32 feat(api): add support for Managed Agents deployments and environment variabl...
• 589eed1 chore: release main
• a785874 feat(api): add support for claude-mythos-5 and claude-fable-5, with support f...
• 6322a4f fix(client): 3p middleware ordering (#53)
• c2e94fc feat(middleware): add ctx.logger (#55)
• f7dfb97 chore: release main
• a3f3c97 feat(api): small updates to Managed Agents types
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.16 to 2.5.0

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.0

2.5.0

Minor Changes

• #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

  ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
  ! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
  × index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
  × main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.
  

• #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

  Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

  <!-- Invalid: no keyboard handler -->
  <div onclick="handleClick()">Click me</div>
  <!-- Valid: has keyboard handler -->
  <div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
  <!-- Valid: inherently keyboard-accessible -->
  <button onclick="handleClick()">Submit</button>

• #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

  <!-- .typo is used but never defined -->
  <html>
    <head>
      <style>
        .button {
          color: blue;
        }
      </style>
    </head>
    <body>
      <div class="button typo"></div>
    </body>
  </html>

• #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.0

Minor Changes

• #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

  ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
  ! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
  × index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
  × main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.
  

• #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

  Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

  <!-- Invalid: no keyboard handler -->
  <div onclick="handleClick()">Click me</div>
  <!-- Valid: has keyboard handler -->
  <div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
  <!-- Valid: inherently keyboard-accessible -->
  <button onclick="handleClick()">Submit</button>

• #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

  <!-- .typo is used but never defined -->
  <html>
    <head>
      <style>
        .button {
          color: blue;
        }
      </style>
    </head>
    <body>
      <div class="button typo"></div>
    </body>
  </html>

• #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

  /* styles.css — .ghost is never used in any importing file */

... (truncated)

Commits

• c0b9832 ci: release (#10499)
• 995c1ff feat(lint): add useFunctionComponentDefinition rule (#10498)
• 311c2b2 fix(biome_configuration): avoid Markdown links in JSON schema descriptions (#...
• 04c3f19 fix: docs and readme (#10584)
• 961f41c refactor(useExportType): improve docs and code (#10569)
• 78075b7 feat(useExportType): add style option (#10561)
• 6642895 feat: rule promotion for v2.5 (#10562)
• 9a5855e feat: noRestrictedDependencies (#10467)
• 608a62f Merge branch 'main' into chore/merge-main-into-next
• 0f29b83 feat(linter): implement useIncludes rule (#10516)
• Additional commits viewable in compare view

Updates @google/genai from 2.7.0 to 2.8.0

Release notes

Sourced from @​google/genai's releases.

v2.8.0

2.8.0 (2026-06-03)

Features

• Add Agent Platform MCP support to async generate_content (baeaeaa)
• Add transcription language code. (d2981d6)
• Add TranslationConfig for live translation. (8c44240)
• Support ReinforcementTuning in GenAI SDK including ValidateReward API method. (36f0bfb)

Changelog

Sourced from @​google/genai's changelog.

2.8.0 (2026-06-03)

Features

• Add Agent Platform MCP support to async generate_content (baeaeaa)
• Add transcription language code. (d2981d6)
• Add TranslationConfig for live translation. (8c44240)
• Support ReinforcementTuning in GenAI SDK including ValidateReward API method. (36f0bfb)

Commits

• ea0dd60 chore(main): release 2.8.0 (#1646)
• 36f0bfb feat: Support ReinforcementTuning in GenAI SDK including ValidateReward API m...
• d2981d6 feat: Add transcription language code.
• 98ac90d chore: deprecate Google Maps grounding widget API fields
• 8c44240 feat: Add TranslationConfig for live translation.
• baeaeaa feat: Add Agent Platform MCP support to async generate_content
• c1d3cb7 chore: Internal cleanup
• bd78ed3 chore: Fix relative import path in pagers.ts.
• See full diff in compare view

Updates @types/node from 25.9.1 to 25.9.3

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.7 to 4.1.8

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• See full diff in compare view

Updates ai from 6.0.193 to 6.0.205

Release notes

Sourced from ai's releases.

ai@6.0.205

Patch Changes

• Updated dependencies [6160ced]
• Updated dependencies [c9b8abd]
  • @​ai-sdk/gateway@​3.0.131

ai@6.0.204

Patch Changes

• Updated dependencies [c5d4716]
  • @​ai-sdk/gateway@​3.0.130

ai@6.0.203

Patch Changes

• f42aa79: fix: harden download URL SSRF guard against hostname and redirect bypasses

  validateDownloadUrl and the file download helpers (downloadBlob, download) could be bypassed in several ways when handling untrusted URLs:

  • A fully-qualified hostname with a trailing dot (e.g. localhost., myhost.local.) skipped the localhost/.local blocklist.
  • IPv6 addresses that embed an IPv4 address in their last 32 bits — IPv4-compatible (::127.0.0.1), IPv4-translated (::ffff:0:127.0.0.1), and NAT64 (64:ff9b::127.0.0.1, including the 64:ff9b:1::/48 local-use prefix) — were not decoded and checked against the private IPv4 ranges.
  • Redirects were validated only after fetch had already followed them, so the request to a redirect target (e.g. an internal/metadata address) had already been issued before the check ran.
  • Several reserved/internal address ranges were not blocked: CGNAT (100.64.0.0/10, used by some cloud providers for internal traffic), benchmarking (198.18.0.0/15), IETF protocol assignments (192.0.0.0/24), the reserved 240.0.0.0/4 block (including the 255.255.255.255 broadcast address), and IPv6 site-local (fec0::/10) and multicast (ff00::/8).

  The validator now strips trailing dots before the hostname checks and fully expands IPv6 addresses to detect embedded private IPv4 targets. The download helpers now follow redirects manually (redirect: 'manual'), re-validating each hop before requesting it, so an unsafe redirect target is never fetched. When a redirect cannot be inspected because the runtime returns an opaque response, the helpers fail closed (reject the redirect) on the server; only in a real browser — where SSRF is not reachable (fetch is constrained by CORS and cannot reach a server's internal network or cloud-metadata endpoints) — is the redirect followed natively so legitimate redirected downloads keep working.

• 5291f7e: Harden stream text processing and middleware against prototype pollution from stream part IDs.

• b4b575a: fix: redact server error details from UI message streams by default

  streamText(...).toUIMessageStream() and createUIMessageStream defaulted their onError callback to getErrorMessage, which serializes the raw error (error.toString() / JSON.stringify(error)) into the client-facing { type: 'error', errorText } chunk — and also into tool-output-error parts. The documented default was () => 'An error occurred.', so applications relying on the documented behavior were unknowingly streaming server exception details (internal hostnames, paths, provider request data, validation inputs) to end users.

  The default onError now returns the documented generic 'An error occurred.'. Raw error details are only emitted when the developer explicitly supplies an onError handler. This also redacts tool-output-error and invalid-tool-input error text by default; pass an onError to surface richer messages.

• Updated dependencies [bfa5864]

• Updated dependencies [f42aa79]

  • @​ai-sdk/provider-utils@​4.0.29
  • @​ai-sdk/gateway@​3.0.129

Changelog

Sourced from ai's changelog.

6.0.205

Patch Changes

• Updated dependencies [6160ced]
• Updated dependencies [c9b8abd]
  • @​ai-sdk/gateway@​3.0.131

6.0.204

Patch Changes

• Updated dependencies [c5d4716]
  • @​ai-sdk/gateway@​3.0.130

6.0.203

Patch Changes

• f42aa79: fix: harden download URL SSRF guard against hostname and redirect bypasses

  validateDownloadUrl and the file download helpers (downloadBlob, download) could be bypassed in several ways when handling untrusted URLs:

  • A fully-qualified hostname with a trailing dot (e.g. localhost., myhost.local.) skipped the localhost/.local blocklist.
  • IPv6 addresses that embed an IPv4 address in their last 32 bits — IPv4-compatible (::127.0.0.1), IPv4-translated (::ffff:0:127.0.0.1), and NAT64 (64:ff9b::127.0.0.1, including the 64:ff9b:1::/48 local-use prefix) — were not decoded and checked against the private IPv4 ranges.
  • Redirects were validated only after fetch had already followed them, so the request to a redirect target (e.g. an internal/metadata address) had already been issued before the check ran.
  • Several reserved/internal address ranges were not blocked: CGNAT (100.64.0.0/10, used by some cloud providers for internal traffic), benchmarking (198.18.0.0/15), IETF protocol assignments (192.0.0.0/24), the reserved 240.0.0.0/4 block (including the 255.255.255.255 broadcast address), and IPv6 site-local (fec0::/10) and multicast (ff00::/8).

  The validator now strips trailing dots before the hostname checks and fully expands IPv6 addresses to detect embedded private IPv4 targets. The download helpers now follow redirects manually (redirect: 'manual'), re-validating each hop before requesting it, so an unsafe redirect target is never fetched. When a redirect cannot be inspected because the runtime returns an opaque response, the helpers fail closed (reject the redirect) on the server; only in a real browser — where SSRF is not reachable (fetch is constrained by CORS and cannot reach a server's internal network or cloud-metadata endpoints) — is the redirect followed natively so legitimate redirected downloads keep working.

• 5291f7e: Harden stream text processing and middleware against prototype pollution from stream part IDs.

• b4b575a: fix: redact server error details from UI message streams by default

  streamText(...).toUIMessageStream() and createUIMessageStream defaulted their onError callback to getErrorMessage, which serializes the raw error (error.toString() / JSON.stringify(error)) into the client-facing { type: 'error', errorText } chunk — and also into tool-output-error parts. The documented default was () => 'An error occurred.', so applications relying on the documented behavior were unknowingly streaming server exception details (internal hostnames, paths, provider request data, validation inputs) to end users.

  The default onError now returns the documented generic 'An error occurred.'. Raw error details are only emitted when the developer explicitly supplies an onError handler. This also redacts tool-output-error and invalid-tool-input error text by default; pass an onError to surface richer messages.

• Updated dependencies [bfa5864]

• Updated dependencies [f42aa79]

  • @​ai-sdk/provider-utils@​4.0.29
  • @​ai-sdk/gateway@​3.0.129

6.0.202

Patch Changes

• 942f2f8: fix(security): re-validate tool approvals from client message history before execution

  The approval-replay path in generateText/streamText reconstructed approved tool calls from the client-supplied messages array and executed them without re-validating input against the tool's schema or re-checking that the tool actually requires approval. A client could forge an assistant message with a pre-approved tool-call part and have the server execute a tool with attacker-chosen arguments.

... (truncated)

Commits

• 5548672 Version Packages (#16097)
• 63b3f60 Version Packages (#16086)
• bae9bab Version Packages (#16026)
• b4b575a Backport: fix(ai): redact server error details from UI message streams by def...
• f42aa79 Backport: fix(provider-utils,ai): harden download SSRF guard against hostname...
• 5291f7e Backport: fix: Harden stream text processing and middleware against prototype...
• 9ef2c3c Version Packages (#15998)
• 942f2f8 Backport: fix(security): harden tool approval replay path against client-forg...
• dca8c38 Version Packages (#15992)
• 0c8c0ed Backport: fix(ai): return schema-transformed elements in array output mode (#...
• Additional commits viewable in compare view

Updates openai from 6.39.1 to 6.42.0

Release notes

Sourced from openai's releases.

v6.42.0

6.42.0 (2026-06-03)

Full Changelog: v6.41.0...v6.42.0

Features

• api: responses.moderation and chat_completions.moderation (6d8f592)

v6.41.0

6.41.0 (2026-06-01)

Full Changelog: v6.40.0...v6.41.0

Features

• api: Add Amazon Bedrock Responses support (#1899) (535b045)

v6.40.0

6.40.0 (2026-06-01)

Full Changelog: v6.39.1...v6.40.0

Features

• api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (aee09f3)

Chores

• remove migrate CLI (673c618)

Changelog

Sourced from openai's changelog.

6.42.0 (2026-06-03)

Full Changelog: v6.41.0...v6.42.0

Features

• api: responses.moderation and chat_completions.moderation (6d8f592)

6.41.0 (2026-06-01)

Full Changelog: v6.40.0...v6.41.0

Features

• api: Add Amazon Bedrock Responses support (#1899) (535b045)

6.40.0 (2026-06-01)

Full Changelog: v6.39.1...v6.40.0

Features

• api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (aee09f3)

Chores

• remove migrate CLI (673c618)

Commits

• 6f849f4 release: 6.42.0
• 579edb2 feat(api): responses.moderation and chat_completions.moderation
• 7fa93eb release: 6.41.0
• 3b7fe31 feat(api): Add Amazon Bedrock Responses support (#1899)
• caf499a codegen metadata
• 77bec5b release: 6.40.0
• 0fb7602 feat(api): workload identity in audit logs, additional_tools item in response...
• 4a860b8 chore: remove migrate CLI
• See full diff in compare view

Updates tsx from 4.22.3 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

• resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
• See full diff in compare view

Updates vitest from 4.1.7 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions